MDM Error : Unauthorized delete access by user on item

Overview

Talend MDM Web UI may generate an exception showing that the connected user does not have sufficient rights to delete an item. This error is due to an incorrect configuration or a misuse of the user profiles. This article gives a detailed description of the issue, of the different default roles in MDM, and provides information on how to avoid this issue.

Symptoms

In the Web User Interface of Talend MDM, the following exception appears when trying to delete a record:

You can find a detailed stack trace in the log file, stored in Talend MDM server installation path\jboss-4.2.2.GA\server\default\log\server.log.

The main reason for this exception is that the connected user has a role which does not permit him to delete a record. This error is therefore expected in normal operating conditions of Talend MDM, as it helps prevent a user with insufficient rights (or a wrong role) to perform certain actions.

Often, this error is actually related to a misconfiguration of the user profile.

Note: Talend MDM allows a user to hold multiple roles, but the most restrictive one will apply in the Web UI.

In this example, the most restrictive role is System_View.

So even if the user also has a System_Interactive role that would allow him to perform the delete operation, the System_View role will apply in the Web UI.

Resolution

There are a number of default roles that you can assign to a user in the Web UI. When defining a new user in the Web UI, you must be sure to select one of the default roles for this user.

The MDM server is delivered with the following default roles: System_Admin, System_Interactive, System_Web, and System_View.

Try to select only one system role and one customized role. Below are the steps to define correct roles for a specific user:

Connect to the Web UI portal as an admin user.

Go to the Administration tab and select Manage users.

Select the defined user and go to the Roles tab.

Select two roles for the user: one system role and one customized role.